LEE, HONG, DEGERMAN, KANG & WAIMEY
Boosting Cybersecurity Without Objection
When a global law firm needed to ensure its cybersecurity tech stack set a precedent for future success, it turned to TPx.
The Challenge and Opportunity
With the law firm recently adopting remote work, they needed technology to help keep their business safe from security threats facing organizations today.
Quick Facts
LHDK&W was established in 1991 and has grown into a global operation.
The firm observed a significant drop in the number of clicks on the simulated phishing emails used in the SAT program.
The Solution
The firm partnered with TPx to deploy a suite of cybersecurity solutions plus SD-WAN to enable a more secure remote work environment for its employees.
The Benefits
The firm is able to provide greater flexibility in where people work without sacrificing security or the protocols necessary to keep sensitive information secure.
The Results
LHDK&W cultivated a workforce well-versed in cybersecurity best practices, significantly reducing the incidence of individuals interacting with potentially harmful files.
About Lee, Hong, Degerman, Kang & Waimey
Established in 1991, Lee, Hong, Degerman, Kang & Waimey (LHDK&W) has dozens of lawyers and offices in Los Angeles, Orange County, the Washington, D.C., area, Seoul, and London. The firm provides legal counsel to Global 500 businesses, including major Korea-based companies, with a notable focus on safeguarding intellectual property rights.
“Having good support from the TPx team is a key factor in making good decisions. When you have a good team that understands your needs, someone who’s not pushy, that helps a lot. To me, it’s a relief to have a good support team because you feel confident they know what they’re doing.”
Hugo Arriola, IT Manager, Lee, Hong, Degerman, Kang & Waimey
The Challenge
For over three decades, global companies have relied on LHDK&W for legal counsel. Like many companies, the firm needed to rethink its approach to in-office and virtual work amid the pandemic. However, the firm faced unique challenges due to its rigorous policies and procedures, primarily rooted in the stringent standards it upholds for its system and data access. This level of commitment to security and compliance added complexity to the transition to a virtual office environment.
“Our clients want to make sure that we comply with security requirements, that their information is safe, that only authorized parties can access it,” Hugo Arriola, LHDK&W’s IT Manager, said. “Obviously, IT plays a big role in that. We have to ensure that access is restricted within and outside the firm.”
Before the pandemic, the team always worked in the office. When the pandemic made virtual work necessary, Arriola oversaw the company’s shift as a one-man IT team. “We had to make some changes to adjust so that everything could be done electronically, but to do that, you have to have the tools, the hardware, and the applications,” said Arriola.
The Solution
To ensure the security of their remote work model, LHDK&W partnered with TPx because of its experience developing suites of security solutions that enable companies to stay safe from the many threats facing organizations today.
LHDK&W first completed a Security Advisory Services Gap Assessment where TPx experts conducted a thorough analysis, examining the firm’s existing practices against the stringent requirements derived from NIST, ISO 27000 series, and CISSP. This assessment provided the firm with a comprehensive understanding of their current state of compliance and any gaps that required immediate attention.
While LHDK&W has strict standards for its system and data access, Arriola knew that he needed to heighten security awareness of the LHDK&W employees and make them part of the security solution.
Recognizing the importance of email security, the firm implemented Managed Inbox Detection and Response (IDR) and Security Awareness Training (SAT).
Additionally, because access to its system is the driver of its success, the firm implemented SD-WAN with a 5G failover and fiber at two locations to ensure redundant access. These measures collectively reinforce their mission-critical access requirements, ensuring business continuity and minimizing potential disruptions to their operations.
End User Empowerment
In today’s security landscape, where phishing and ransomware remain top attack vectors, empowering end-users with the right tools and knowledge is paramount. With IDR, LHDK&W was able to give employees an easier way to eliminate guesswork when assessing email threats. If employees suspect a suspicious email, they can report it with a single click right from within their Microsoft Outlook client.
Reported emails are automatically removed from the user’s inbox and placed in an IDR quarantine for evaluation using advanced software and expert security analysts. Safe emails are quickly returned to the employee, while malicious emails are removed from the global domain, minimizing risk to LHDK&W.
The law firm also rolled out an SAT program to its employees, equipping them with essential cybersecurity knowledge. With user error being the leading cause of most successful data breaches, Arriola knows how easy it is for people to fall victim to a cyberattack, which is why the program’s phishing simulations are a critical component that provides LHDK&W employees with hands-on experience. “Attackers are sneaky when it comes to creating fake accounts to capture users’ credentials,” Arriola said. “Secure IDR and SAT have helped us to avoid risky situations.”
The Solution
Malicious actors are becoming more sophisticated in their approach, whether sending a seemingly harmless file or an infected flash drive. Arriola knows he can’t eliminate all the bad guys, but he can reduce their threat to the firm. With TPx’s offerings, particularly its security services, Arriola has mitigated the potential for team members to click on malicious links or open infected files.
In nine months, Arriola observed a remarkable drop, nearly down to zero, in the number of clicks on the simulated phishing emails used in the SAT program. “Users now understand the importance of not engaging with potential threats, as it reflects on their compliance and professionalism,” said Arriola.
The global law firm has already seen a significant improvement in its user security and is already evaluating how the organization can enhance its security strategy even more with TPx. Hugo Arriola is enthusiastic about his future partnership with TPx and plans to transition to TPx’s Managed Firewall solution, driven by his unwavering trust in the partnership. He emphasized, “We’re making this shift because I’m confident in the product’s reliability and the extensive support it offers.”
Additional Resources
Market Guide for Managed Detection and Response
This market guide navigates managed detection and response services and how they provide organizations the advantage of advanced security technologies, skilled analysts, and around-the-clock monitoring, helping them strengthen their overall security.
Six Tips to Protect Your Business From Brute Force Attacks
Is your business prepared to defend against a brute force attack? This can be an issue for companies because it gives criminals a straightforward way to crack into employee user accounts or compromise systems that use encryption keys. We’ve outlined six tips for protecting your business from brute force attacks.